| author | 2025-01-14 20:54:09 +0000 | |
|---|---|---|
| committer | 2025-01-17 11:32:46 -0800 | |
| commit | 0bb6108bfa916dfb9eefb26c59703df986bc32ed (patch) | |
| tree | 8c44a1bec030bd486a3994189db82a2a1a28b07d /libs/androidfw/ApkParsing.cpp | |
| parent | 73a93318fd138f29c26274eef7811a76a90599fb (diff) | |
Assert Parcel not in pool when used (partial reland)

Parcel lifetime, according to its API contract, ends
when Parcel.recycle() is called. However, sometimes
people use it after this point, especially in exception
handling and other complex code. This causes what is
effectively a UAF issue, as the ownership of that Parcel
may be opened for another user in the same process.

In order to resolve this, whenever a Parcel is used
while it is in the pool, we consider this an error.

This is only added on readInt, since it is used on
every Parcel. Adding this to all 200+ Parcel methods
causes too much memory due to heavy inlining of these
methods.

Bug: 381155347
Test: boot
Change-Id: I77c54c66c54b73f0df6c350ee9cb66a16c253e43
Diffstat (limited to 'libs/androidfw/ApkParsing.cpp')
0 files changed, 0 insertions, 0 deletions
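
The in-pool check described in the commit message, as an added Java sketch that is not the AOSP Parcel code and not part of this commit. `PooledBuf`, `obtain` and the `inPool` flag are hypothetical names, and the pool is simplified to a single-threaded stack.

```java
import java.util.ArrayDeque;

public class PoolCheckDemo {
    // Hypothetical pooled object standing in for a Parcel-like class.
    static final class PooledBuf {
        private static final ArrayDeque<PooledBuf> POOL = new ArrayDeque<>();
        private int[] data = new int[0];
        private int pos;
        private boolean inPool; // true between recycle() and the next obtain()

        static PooledBuf obtain(int... values) {
            PooledBuf b = POOL.isEmpty() ? new PooledBuf() : POOL.pop();
            b.inPool = false;
            b.data = values.clone();
            b.pos = 0;
            return b;
        }

        void recycle() {
            data = new int[0];
            inPool = true;
            POOL.push(this);
        }

        // Single guarded method on a path that nearly every caller reaches.
        int readInt() {
            if (inPool) {
                throw new IllegalStateException("readInt() on recycled object");
            }
            return data[pos++];
        }
    }

    public static void main(String[] args) {
        PooledBuf a = PooledBuf.obtain(1, 2); // constructed sample values
        System.out.println(a.readInt());      // valid use by the owner
        a.recycle();                          // lifetime ends here
        try {
            a.readInt();                      // stale reference, object is in the pool
        } catch (IllegalStateException e) {
            System.out.println("caught: " + e.getMessage());
        }
        PooledBuf b = PooledBuf.obtain(42);   // pool hands the same object to a new owner
        // In this sketch the flag is cleared on obtain(), so the stale
        // reference 'a' now aliases 'b' and the in-pool check cannot fire.
        System.out.println((a == b) + " " + a.readInt());
    }
}
```

The last line shows the window such a check leaves open in this sketch: it flags use while the object sits in the pool, not use through a stale reference after the object has been handed out again.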